Rise in cyber attacks on Australian businesses

Asher Moses

On the case of cyber security... Prime Minister Julia Gillard and new Attorney-General Mark Dreyfus during question time in Parliament House in Canberra on 5 February 2013. Photo: Andrew Meares

Cyber attacks against Australian organisations are rising, with more than one fifth of 255 major companies surveyed for a new government report admitting they were targets in the past year.

Of those, a further 20 per cent said they had experienced more than 10 "cyber security incidents". One organisation reported the theft of 15 years of critical business data.

The 2012 Cyber Crime and Security Survey Report, commissioned by national computer emergency response team CERT Australia and conducted by the University of Canberra, was released on Monday.

The report said organisations that reported no cyber incidents had likely failed to detect them.

More than half of the affected organisations surveyed believed the attacks on their company to be targeted (rather than indiscriminate), with the majority coming from external sources but 44 per cent originating from within the organisation.

Attacks involved malicious software such as "ransomware" and "scareware", trojans used to steal confidential information, and denial-of-service attacks.

This is despite 90 per cent of respondents reporting the use of anti-virus software, spam filters and firewalls, and 65 per cent having IT security staff with tertiary qualifications.

In late September last year CERT Australia received calls from more than 25 organisations being targeted by ransomware, in which attackers scare victims into handing over money or risk losing their data.

Another example in the report came early last year, when CERT Australia received reports from a range of financial companies whose websites were targeted with DDoS attacks that knocked them offline, with the attackers demanding payment.

"Cyber attacks have shifted from being indiscriminate and random to being more coordinated and targeted for financial gain," Attorney-General Mark Dreyfus said.

"Most attacks occur from outside the business, although it appears internal risks are also significant."

Rob McAdam, CEO of security consultancy Pure Hacking, said every business could now expect to be targeted by hackers in its lifetime.

"It no longer matters whether you are a major corporation, a not-for-profit, government department or small business in the suburbs, every business is a target for hackers and this is not going to change in our lifetime," he said.

"Hackers, cybercriminals and hacktivists are able to cause untold damage to a business, its brand and reputation. They steal business intelligence, funds, sensitive customer records, deface websites and freeze applications - even basic internet access and email - to extort money, all of which wreaks havoc with a company's operations."

At a time when it only takes one naive employee clicking on a malicious email attachment to breach a corporate network, the report found "many organisations are not confident that cyber security is sufficiently understood and appreciated by staff, management and boards".

One fifth of the targeted organisations said they did not report the cyber incidents to a law enforcement agency because they feared negative publicity.

The most common way hackers broke into organisations was by using powerful automated attack tools or exploiting software holes or misconfigured systems. A third of attacks involved the theft of notebooks, tablets or mobile phones.

Another survey report released earlier this week found more than 20 per cent of 1500 security professionals surveyed by the global IT association ISACA said their enterprises had experienced an advanced persistent threat (APT) attack of the type designed for specific targets, usually to gather intelligence or steal prized information. According to the study, 94 per cent of respondents said that while APTs represented a credible threat to national security and economic stability, most enterprises were employing ineffective technologies to protect themselves.

In January, Prime Minister Julia Gillard announced that CERT Australia would soon be part of a new Australian Cyber Security Centre, which aims to develop a comprehensive understanding of cyber threats facing the nation.

However, in Senate estimates last week it was revealed there would be no new funding for the centre, with 95 per cent of staff coming from Defence and no independent leadership.

6 comments

We were attacked last week after having been targeted for 3 weeks when they finally got in. No major long term critical damage but major spam issue, need to rebuild website and cleanse system. We know his name and where he lives in Indonesia but cannot find an appropriate drone to use!

Commenter: Greg100. Date and time: February 18, 2013, 12:20PM

I have had to repair issues with spamming from a business's own servers. This includes banking scams and more. Poor architecture and a requirement to show off or lie is a predominant theme in many of the organizations I have worked for. Business Development Managers (BDMs), who are glorified sales staff and accountants have too much say in want they are uneducated and ill equipped from an experience point of view to deal in the IT area. The CEOs and Managers of many of Australia's companies do not have the experience or knowledge to control IT. Continued reference to I saw this and I saw that without the understanding of time and cost is common with Australian sales staff. Lack of projected results and identification of a potential market is a and being able to cost them is rampant. Currently, the biggest and most forthright liar is considered valuable. Can you follow your lie through? Can you bring up a 1% issue that overshadows the majority? This is a typical Aussie trait. Being a politically correct liar is looked up to over logic and reasoning if debate is involved. Poor show Australia. Cripple the smart science types some more for the arts and entertainment. Australian IT based organizations in general do not train their staff but expect them to be an expert with 50 technologies.

Wake up! Lazy sheep.

Commenter: Lefty. Location: Melbourne. Date and time: February 18, 2013, 2:41PM

CEOs and managers try to skimp on infrastructure to save money. This is old hat and I have fixed a lot of servers that illegally spam people worldwide with scams. Company owners and board members failed to see the problem. Why? They were shown. Stop blaming hackers and look at yourself. Poor infrastructures laden with flaws. Serves you right. Clean up the dodgy owners and fine them. I can provide you a list of companies I have worked for that fail basic IT knowledge. If it looks good it must be good. WRONG!

Commenter: Lefty. Location: Melbourne. Date and time: February 18, 2013, 3:19PM

And they call this day and age of the computer modern technology. I've spent many an hour cleaning out servers and computers. When will people ever learn to protect their assets (computers) and not to be cheapskates, they only have themselves to blame if they get scammed and I have no sympathy for them.

Commenter: Bill. Location: Canadian. Date and time: February 18, 2013, 4:55PM

Has been going on since the Internet became available. Without teeth in federal, state and territory laws making it mandatory for every business and government agency to release their security breaches and attempts you will never know the true story. We teach this at uni and yet businesses only have to show they have made an attempt to secure data, not good enough and I would like to see the report of attacks on federal government security systems and the loss of privacy, confidentiality and integrity.

Commenter: Tony of Kureelpa. Date and time: February 18, 2013, 6:17PM

I agree with Greg100, time to send in the drones, or the goons, let them know they can't hide then we will see some reluctance to interfere with people's property by these criminals.